Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/01/2024, 04:31

General

  • Target

    64799a0a4118c6ccb56c8c8bd9dae0c0.exe

  • Size

    1.7MB

  • MD5

    64799a0a4118c6ccb56c8c8bd9dae0c0

  • SHA1

    bcd05bf2b8a1e6920f3fb936f51676b90d00fe27

  • SHA256

    a148412a5c1cc9aba0ecdbb3e44010aeac75b40f23492bd04c0127e558aa44ac

  • SHA512

    ae9c6e7ed1ffbd5ba864655de638c917dda149be41559d21eabc9236ab887158a89770f28e6fdb5f95b659c3415cd4722c71c23d1fa1d56d8e6d6acfd2e4a49e

  • SSDEEP

    49152:NFHplMNmSOZZSctRqhzS+sGjP5rUBBO4xOAL:Nlp6mSOZsctizzHjxUBH

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64799a0a4118c6ccb56c8c8bd9dae0c0.exe
    "C:\Users\Admin\AppData\Local\Temp\64799a0a4118c6ccb56c8c8bd9dae0c0.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files (x86)\OfferBox\OfferBox.exe
      "C:\Program Files (x86)\OfferBox\OfferBox.exe" /regserver
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4424
    • C:\Program Files (x86)\OfferBox\OfferBoxLauncher.exe
      "C:\Program Files (x86)\OfferBox\OfferBoxLauncher.exe" -register
      2⤵
      • Executes dropped EXE
      PID:3756
  • C:\Program Files (x86)\OfferBox\OfferBox.exe
    "C:\Program Files (x86)\OfferBox\OfferBox.exe" -Embedding
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\OfferBox\OfferBox.exe

    Filesize

    1.9MB

    MD5

    2e33eb8d43cf15ec73e45baa0df06191

    SHA1

    34b8c49e032c4dd5f4245d6f2b2386628bd9c927

    SHA256

    9b1a56f7c746fd7a1c4113040e5c1b7abf90d77db448508989ed85d5bf589881

    SHA512

    3c20b01abc639d8f1496ac728af4e58b774e026ce4f146235c5d48d05ed580326bbe040a09639a40bad216e702034e10861d657d3b406a90f10d02a85b16b038

  • C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll

    Filesize

    131KB

    MD5

    b4b61f417df1f173a78a55e9029be6fb

    SHA1

    19facf2bc92cf281b21c704faeda72fdd2909fcf

    SHA256

    aef0ff4a4c0f589ea4839df6108b92adc024155281860703b28c70581aac6ee6

    SHA512

    ee9ad0a9acb8d1ba605aebdc061cbabfd5ad539169dbcef5c569be5e3b014ee7f33ad6313576a1aba4848886ee74f01d565192e06a124814ae1cae9c61b96ef6

  • C:\Program Files (x86)\OfferBox\OfferBoxEngine.dll

    Filesize

    1.0MB

    MD5

    648bcb283d84f257184bb390d0d3a375

    SHA1

    35aeac1459e955f92eeb38074b6f8384843af6a0

    SHA256

    ba170abbf00b8a46a64626d30c2f39f2d69f4c7aaa7a0bddb4e2a79160cb2678

    SHA512

    f932f7ef1c72a1d2f327a497ad7ffd974fa85e21f67aed3a537c99d674665385751217b2b9fa7ef5c13bfa89a0c9d1c92065d365931335b536974a333896316b

  • C:\Program Files (x86)\OfferBox\OfferBoxLauncher.exe

    Filesize

    68KB

    MD5

    7d440d531f816402dc37ce1b96b1b6b1

    SHA1

    546cec38de6f5fa617d82fd2425ef1ea5bf48897

    SHA256

    2b42fc2b6c09148273326ebee5bdb127bcca81b274028b69b8ca62b4cd8f4eac

    SHA512

    d2a8801f8a77dadc6e90ff99b60b9a22551c088ec29069e730bf4a940fa6be4f6ec6da0c7fc93a69ad6e3bf7ec24b2e502aacd50ec8033a35581e373546dd484

  • C:\Users\Admin\AppData\Local\Temp\nshA3F2.tmp\NsisPluginOB.dll

    Filesize

    239KB

    MD5

    3ee7387bfe2dfabc3bd86f39795bb0da

    SHA1

    66071d64229506aad7c802658001725eeab70c02

    SHA256

    123a2a7b785e24f415a6ebf5e56c807a028d2c45ba7d82f19c4e837b28a6f9db

    SHA512

    725c8d940be97b3eb080061c6f413f1676764be1d3cf1e0389550a24e73e694eb51ea2c19f51f1abd654a47cb45b6c3b48cf46f6b8b9d77c7874fd87db0e6c1c

  • C:\Users\Admin\AppData\Roaming\OfferBox\config.xml

    Filesize

    382B

    MD5

    b0523fee0e6b4aa51239b1c2fe19041a

    SHA1

    e8aff3ed6c1c00cdceb859fa884d574a5729c7de

    SHA256

    f984248d611f48c5ac9c7b6e9c40dbc7fd39b2b247f9c73a226b7d1856c8b4b7

    SHA512

    29636d5e3da7a83e61fcd741b387eafdaf9a72fba9f4e4858d208c468233f2eaa8d767e963f527923c2aa1ffffb6f4d6c80777490f1c9cab3f9b2e4e3383c9b0

  • C:\Users\Admin\AppData\Roaming\OfferBox\config.xml

    Filesize

    11B

    MD5

    eaf003049440ae581a82bbe5044fec5a

    SHA1

    d27464284670572b4f23b56f607fc5e6c455d804

    SHA256

    b40d6e47f206a46eef85dff0a9e238e150fd514e5d3c36e35787d6019404ab8a

    SHA512

    40b3d3a1e2734b0d7c7cfcbb32fe02ac2ed22bc1ca2e202148f28b25fb2877a5c38316ef9406c2e28b436700ade8a023de200349c3cd07f5d3b2775d7d19b9dc